NFC is an acronym for Near Field Communication. NFC enables communication between two objects, for instance between a mobile terminal and a base station that has been equipped with an integrated or an ad hoc antenna. What is specific to NFC is that the communication is established over a distance of a few centimeters, or even with the two objects touching. This is the main difference from other wireless technologies such as Bluetooth and Wi-Fi, which allow communication over a much larger distance.
Generally speaking, an NFC system comprises a terminal device or a tag; a base station, often called an NFC reader, for reading (and in some cases also writing) information from the NFC-capable terminal and/or the NFC tag; and a lot of back-end systems that provide the information to be delivered, manage and control the data to be transferred, and establish secure paths for using the NFC technique. It should also be mentioned that NFC communication is not limited to a pair of two devices; rather, the devices can talk with multiple other devices over NFC technology.
The application areas of NFC technology are diverse. NFC technology as such is well suited to areas in which contactless operation increases the speed of service, for example. Such areas of application are contactless tokens, ticketing and payments, as well as the pairing of different devices for one reason or another.
As can already be seen from the application areas of NFC technology, one of the most important aspects is to arrange security for each of the steps in the NFC system. The general risks in NFC, as in other wireless communication, are, for example, eavesdropping, data corruption, data modification, data insertion and man-in-the-middle attacks.
FIG. 1 illustrates a simplified diagram of an NFC system. Firstly, there are one or more service providers 100_1-100_N, who offer an NFC service. Some examples of the service providers 100_1-100_N are shops, transport authorities and cinemas. The service providers arrange so-called back-end functionalities for NFC services, such as charging, validity and content-related issues, for example. Additionally, the service providers offer the necessary applications for the user terminals 110 of end-users and/or the points-of-sale 120 that have the NFC readers 121 in place. According to some embodiments, the NFC system also comprises a so-called trusted service manager (TSM) 130 between the service providers 100_1-100_N and the user terminals 110 of the end-users. The role of the TSM 130 is important because service providers usually want to offer the NFC service independently of the telecom operator needed for establishing the several communication channels between the parties of the NFC system. The TSM 130 interconnects the telecom operators and the service providers. Additionally, the TSM 130 guarantees security and confidentiality between service providers and network operators, among other tasks. Moreover, the TSM 130 enables each party in the NFC system to concentrate on the issues that are essential from its own perspective. For example, when using the services of the TSM 130, the service providers have a one-stop shop for establishing the NFC service, provided they have the service itself in place. There is no need to spend time and money on e.g. security-related issues, since the TSM 130 takes care of those. Naturally, if a service provider 100_1-100_N is willing to arrange everything mentioned above, among other necessary tasks, in order to establish an NFC service, it can do so without any cooperation with a TSM 130. Even though FIG. 1 illustrates only one TSM 130, there are typically multiple TSMs 130 operating in parallel in the market.
However, the above-described system causes challenges, especially from the end-user's point of view. In order to use NFC services from different service providers, the user needs to download a corresponding application 112_1-112_N into the user terminal. This means that an end-user may have dozens of applications 112_1-112_N from different service providers for NFC purposes alone. Additionally, such a situation also requires some configuration of a SIM (Subscriber Identity Module) card (or UICC; Universal Integrated Circuit Card) managed by the telecom operator, since at least some parts of the application and/or data need to be stored in a secure element such as the SIM card in order to arrange a secure environment for the NFC service. Typically, the space in a secure element is allocated to service providers by creating a supplementary security domain according to the Global Platform standards. Such parts of the service and/or data are referred to with 114_1-114_N in FIG. 1. Naturally, the utilization of the secure element owned by the telecom operator requires contractual arrangements between the telecom operator and the service provider(s) 100_1-100_N and/or the TSM 130.
When the user wants to use an NFC service, e.g. at a point-of-sale, the user needs to select an application 112_1-112_N in order to activate the NFC service in the user terminal, and additionally the user needs to find the data (e.g. a ticket or coupon) to be used by means of the application. After those actions the user is ready to bring his or her user terminal into the vicinity of the NFC reader in order to carry out the NFC service. The activation of the service in the NFC reader 121 may initiate some data exchange between the systems and devices in the point-of-sale 120 and the back-end systems of the service providers 100_1-100_N.
Furthermore, the arrangement of secure communication channels between the parties of the NFC system is also a topic to be addressed, due to the application areas of NFC technology. Firstly, the service providers 100_1-100_N and the TSM 130 need to communicate in a secure way in order to enable the creation of user-specific data by the service providers 100_1-100_N and its transfer to the user terminal of the end-user through the TSM 130. The service providers 100_1-100_N and the TSM 130 arrange the communication by establishing a heavily secured communication channel 140 based on encryption keys for each of the service providers 100_1-100_N, which are exchanged e.g. manually so that the established communication channel really is secure. The communication channel 150 from the TSM 130 to a user terminal 110 of the end-user is secured by the telecom operator, as the wireless transmission comprises its own encryption algorithms, which can be trusted. Typically, so-called Global Platform Secure Channel Protocols such as SCP02 and SCP80 are used.
Additionally, the service providers 100_1-100_N need to communicate with devices and systems in the point-of-sale 120 in order to deliver the necessary data to and from the NFC readers 121 residing in the point-of-sale 120. For that purpose a secure communication channel 160 can also be established. For example, so-called Hypertext Transfer Protocol Secure (HTTPS) can be utilized. Lastly, the communication channel 170 between the NFC reader 121 and the user terminal 110 is secured with some encryption method, which can be arranged by the TSM 130 by creating and delivering the necessary encryption keys to both the NFC reader 121 and the user terminal 110 to be used in their mutual communication. Another aspect is that there are several encryption keys involved in the NFC ecosystem. Key exchange ceremonies/procedures between ecosystem players such as the SP, TSM and MNO are taken care of with well-known and trusted technologies and processes.
As can be seen from the above, the NFC system requires a lot of arrangement in order to bring the NFC service to the market. Moreover, and especially, the described system is heavy from the end-user's point of view and the NFC service is challenging to use. Additionally, the current system does not speed up the use of the service in the point-of-sale, which, in turn, may reduce end-users' willingness to adopt NFC technology as a whole. If there are several service-provider-specific applications which in practice perform very similar tasks, this increases the workload and costs relating to testing, certification and life cycle management of these applications, for instance.